CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14468

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile44.50th
PublishedApr 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware.

Affected Platforms (CPE)

💻
Rockwellautomation

Micrologix 1400 B Firmware

<= 21.2

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

Related Vulnerabilities

CVE-2012-64379.8

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the E...

CVE-2017-120907.7

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 ...

CVE-2016-56457.3

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA device...

CVE-2017-120935.3

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Microlo...